Charities Are Vulnerable To Severe Cyber Attacks

The UK’s charities could be at risk from a series of devastating cyber-attacks, intelligence officials from the National Cyber Security Centre have warned.

With around 200,000 charities registered in the UK, each one contains vast amounts of personal data and payment information on those that support them. This in turn makes them a huge target for the next wave of cyber-crime and potentially breaking the coming GDPR law.

In one case a charity lost £13,000 after its chief executive’s email was hacked. In a new report, experts at the centre, which is part of intelligence agency GCHQ, said charities are falling victim to a range of malicious activity, although the scale is unclear because of under-reporting.

The report said: “The NCSC believe there is considerable variation in charities’ understanding, approach to and application of cyber security". Some charities are aware their data is sensitive, valuable and vulnerable to malicious cyber activity. Fraud aimed at tricking employees with financial authority into transferring money is increasing, according to the report.

It highlighted one episode in which a charity lost £13,000 after the email of its CEO was hacked and a fraudulent message sent to its financial manager with instructions to release the funds.

Datasets containing personal details and financial information are an attractive target for criminals, the study noted. It said:

“Charity datasets may contain personally identifiable information of donors, trustees, patrons, partners, paid staff and volunteers.

“Some large charities hold several million donor records. The data may also include payment details relating to donations including card details.”

While cyber criminals are assessed as posing the greatest threat to the sector, charities are also seen as potentially attractive targets for nation states who “oppose or mistrust their activity”.

Alongside the threat assessment, the NCSC has published a guide outlining steps charities should follow to guard against attacks. They include advice on passwords, backing up data and protecting systems from malware.

NCSC director for engagement Alison Whitney said: “Cyber-attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.

“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets and reputation.”

Helen Stephenson, chief executive of the Charity Commission for England and Wales, said: “Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber-crime for criminal purposes or personal gain is particularly damaging and shocking.

“The threat assessment confirms what we often see in our casework, unfortunately charities are not immune to fraud and cybercrime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.

Huffington Post:     Image: Nick Youngson 

You Migh Also Read: 

Action Fraud: Social Media Used to Steal Charity Donations:

UK Fraud Hotspots Revealed:

 

« Millennials More Likely To Fall Victim To Cybercrime
On Twitter Fake News Gets More Traction Than Truth »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

SGTech

SGTech

SGTech is the leading trade association for Singapore's tech industry, offering focused support and development to both strategic and emerging sectors in the industry.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

Orchestrate Technologies

Orchestrate Technologies

Orchestrate Technologies provides computer network and IT managed services for small and mid-market clients as well as small enterprise businesses.